1 result for tag "mcp-security-audit"
Audit `.mcp.json` for hardcoded secrets (GitHub/OpenAI/AWS keys, bearer tokens, private keys), shell-injection patterns (`$(...)`, backticks, `; | && ||`, `eval`, `bash -c`, `curl | bash`, TCP redirect reverse shells), unpinned dependencies (`@latest`, `npx` without `-y`), and unapproved servers. Produces a per-server report with CRITICAL / HIGH / MEDIUM / LOW findings plus concrete fixes, e.g., "use `${ENV_VAR_NAME}` references" or "pin to specific version".